Multiple Steam Accounts Hijacked

Multiple Steam accounts have been hijacked over the last week, thanks to a bug.

The Steam Store and website were briefly unavailable this morning, but it is unclear whether this is related to any security issues.

Exit Theatre Mode

Last week, a security "loophole" allowed anyone in the world to access your account using the Lost Password function on Steam, as long as they had your username. From there they could change your password and gain access to your account with no verification needed.

The security issue has now been fixed, however the bug could have been impacting the Steam service all of last week from July 21-25. Valve told Kotaku that it is "resetting passwords on accounts with suspicious password changes during that period."

Exit Theatre Mode

"Please note that while an account password was potentially modified during this period the password itself was not revealed," the statement continues. "Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified."